Update net/third_party/nss to NSS_3_15_5_BETA2.

net/third_party/nss/patches/fallbackscsv.patch

Index: net/third_party/nss/patches/fallbackscsv.patch
===================================================================
--- net/third_party/nss/patches/fallbackscsv.patch	(revision 245705)
+++ net/third_party/nss/patches/fallbackscsv.patch	(working copy)
@@ -1,6 +1,6 @@
 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-03 19:44:44.807185186 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-03 19:44:54.857349534 -0800
+--- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:46:51.999581198 -0800
++++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:47:05.509804656 -0800
 @@ -3473,6 +3473,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffe
      case certificate_unknown: 	error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
  			        					  break;
@@ -60,15 +60,7 @@
      for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
  	ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
  	if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
-@@ -5416,6 +5437,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
- 
- 	extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
- 	if (extLen < 0) {
-+	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
- 	    return SECFailure;
- 	}
- 	maxBytes -= extLen;
-@@ -8083,6 +8105,19 @@ ssl3_HandleClientHello(sslSocket *ss, SS
+@@ -8084,6 +8105,19 @@ ssl3_HandleClientHello(sslSocket *ss, SS
  	goto loser;		/* malformed */
      }
  
@@ -89,8 +81,8 @@
      rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
      if (rv != SECSuccess) {
 diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
---- a/nss/lib/ssl/ssl3prot.h	2014-01-03 19:39:28.442012014 -0800
-+++ b/nss/lib/ssl/ssl3prot.h	2014-01-03 19:44:54.857349534 -0800
+--- a/nss/lib/ssl/ssl3prot.h	2014-01-17 17:59:03.242109996 -0800
++++ b/nss/lib/ssl/ssl3prot.h	2014-01-17 18:47:05.509804656 -0800
 @@ -98,6 +98,7 @@ typedef enum {
      protocol_version        = 70,
      insufficient_security   = 71,
@@ -100,8 +92,8 @@
      no_renegotiation        = 100,
  
 diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
---- a/nss/lib/ssl/sslerr.h	2014-01-03 19:39:28.442012014 -0800
-+++ b/nss/lib/ssl/sslerr.h	2014-01-03 19:44:54.877349862 -0800
+--- a/nss/lib/ssl/sslerr.h	2014-01-17 17:59:03.242109996 -0800
++++ b/nss/lib/ssl/sslerr.h	2014-01-17 18:47:05.509804656 -0800
 @@ -196,6 +196,7 @@ SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM
  SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129),
  SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130),
@@ -111,8 +103,8 @@
  SSL_ERROR_END_OF_LIST	/* let the c compiler determine the value of this. */
  } SSLErrorCodes;
 diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
---- a/nss/lib/ssl/SSLerrs.h	2014-01-03 19:39:28.442012014 -0800
-+++ b/nss/lib/ssl/SSLerrs.h	2014-01-03 19:44:54.907350351 -0800
+--- a/nss/lib/ssl/SSLerrs.h	2014-01-17 17:59:03.242109996 -0800
++++ b/nss/lib/ssl/SSLerrs.h	2014-01-17 18:47:05.509804656 -0800
 @@ -421,3 +421,8 @@ ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (S
  
  ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
@@ -123,31 +115,31 @@
 +" handshake failure, but the server indicated that it should not have been"
 +" needed.")
 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-03 19:44:44.807185186 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-03 19:44:54.907350351 -0800
-@@ -163,6 +163,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
- #define SSL_ENABLE_OCSP_STAPLING       24 /* Request OCSP stapling (client) */
+--- a/nss/lib/ssl/ssl.h	2014-01-17 18:46:51.999581198 -0800
++++ b/nss/lib/ssl/ssl.h	2014-01-17 18:48:54.971613341 -0800
+@@ -183,6 +183,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
+ 
  /* Request Signed Certificate Timestamps via TLS extension (client) */
- #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25
-+#define SSL_ENABLE_FALLBACK_SCSV       26 /* Send fallback SCSV in
+ #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
++#define SSL_ENABLE_FALLBACK_SCSV       28 /* Send fallback SCSV in
 +                                           * handshakes. */
  
  #ifdef SSL_DEPRECATED_FUNCTION 
  /* Old deprecated function names */
 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-03 19:44:44.807185186 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-03 19:44:54.907350351 -0800
-@@ -336,6 +336,7 @@ typedef struct sslOptionsStr {
-     unsigned int cbcRandomIV                : 1;  /* 24 */
-     unsigned int enableOCSPStapling	    : 1;  /* 25 */
-     unsigned int enableSignedCertTimestamps : 1;  /* 26 */
-+    unsigned int enableFallbackSCSV	    : 1;  /* 27 */
+--- a/nss/lib/ssl/sslimpl.h	2014-01-17 18:46:51.999581198 -0800
++++ b/nss/lib/ssl/sslimpl.h	2014-01-17 18:51:17.963962287 -0800
+@@ -338,6 +338,7 @@ typedef struct sslOptionsStr {
+     unsigned int enableNPN              : 1;  /* 26 */
+     unsigned int enableALPN             : 1;  /* 27 */
+     unsigned int enableSignedCertTimestamps : 1;  /* 28 */
++    unsigned int enableFallbackSCSV     : 1;  /* 29 */
  } sslOptions;
  
  typedef enum { sslHandshakingUndetermined = 0,
 diff -pu a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h
---- a/nss/lib/ssl/sslproto.h	2014-01-03 19:43:07.025586219 -0800
-+++ b/nss/lib/ssl/sslproto.h	2014-01-03 19:44:54.907350351 -0800
+--- a/nss/lib/ssl/sslproto.h	2014-01-17 18:10:16.793281867 -0800
++++ b/nss/lib/ssl/sslproto.h	2014-01-17 18:47:05.509804656 -0800
 @@ -172,6 +172,11 @@
   */
  #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV	0x00FF
@@ -161,21 +153,21 @@
   * RFCs.
   */
 diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-03 19:44:44.807185186 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-03 19:44:54.907350351 -0800
-@@ -86,7 +86,8 @@ static sslOptions ssl_defaults = {
-     PR_FALSE,   /* enableFalseStart   */
-     PR_TRUE,    /* cbcRandomIV        */
+--- a/nss/lib/ssl/sslsock.c	2014-01-17 18:46:52.009581364 -0800
++++ b/nss/lib/ssl/sslsock.c	2014-01-17 18:59:17.931852364 -0800
+@@ -88,7 +88,8 @@ static sslOptions ssl_defaults = {
      PR_FALSE,   /* enableOCSPStapling */
+     PR_TRUE,    /* enableNPN          */
+     PR_FALSE,   /* enableALPN         */
 -    PR_FALSE    /* enableSignedCertTimestamps */
 +    PR_FALSE,   /* enableSignedCertTimestamps */
 +    PR_FALSE    /* enableFallbackSCSV */
  };
  
  /*
-@@ -782,6 +783,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
-        ss->opt.enableSignedCertTimestamps = on;
-        break;
+@@ -792,6 +793,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ 	ss->opt.enableSignedCertTimestamps = on;
+ 	break;
  
 +      case SSL_ENABLE_FALLBACK_SCSV:
 +       ss->opt.enableFallbackSCSV = on;
@@ -184,27 +176,27 @@
        default:
  	PORT_SetError(SEC_ERROR_INVALID_ARGS);
  	rv = SECFailure;
-@@ -855,6 +860,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
+@@ -867,6 +872,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-        on = ss->opt.enableSignedCertTimestamps;
-        break;
+ 	on = ss->opt.enableSignedCertTimestamps;
+ 	break;
 +    case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
  
      default:
  	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -919,6 +925,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
+@@ -933,6 +939,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-        on = ssl_defaults.enableSignedCertTimestamps;
-        break;
+ 	on = ssl_defaults.enableSignedCertTimestamps;
+ 	break;
 +    case SSL_ENABLE_FALLBACK_SCSV:
-+       on = ssl_defaults.enableFallbackSCSV;
-+       break;
++	on = ssl_defaults.enableFallbackSCSV;
++	break;
  
      default:
  	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1090,6 +1099,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
-        ssl_defaults.enableSignedCertTimestamps = on;
-        break;
+@@ -1112,6 +1121,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+ 	ssl_defaults.enableSignedCertTimestamps = on;
+ 	break;
  
 +      case SSL_ENABLE_FALLBACK_SCSV:
 +       ssl_defaults.enableFallbackSCSV = on;